I recently was blessed with a user who was fooled by an email about a package and tracking. The email of course had nothing to do with a shipping company, but contained Cryptowall, a variant of the Cryptodefender trojan. And it was methodical. After basically locking them out of all their databases for a day while it did its business, it popped up the obligatory message about all the files being encrypted with an RSA 2048 key, and if you did not give them $500 in bitcoins (that one was new to me, but I guess they are untraceable), you would never see your files again.

Needless to say the lady was panic-stricken. And I was ashen. It got her computer and every shared drive on the network. That was years worth of stuff. She called me about 5:30 on a Thursday, and I told her to stop everything and I would start looking at it that night (thank god for Teamviewer).

It was that bad. Every picture, word document, text file, spreadsheet, etc. EVERYTHING. As I said, it was methodical.

So I took a day off work, explaining to my boss what had happened, and headed over to the Church. I had turned off the shares so that on the odd chance the trojan had left some infecting mechanism on them, none of the other 10 computers would be infected. And started running Malwarebytes and Eset Online Scanner on every computer in safe mode (with networking). All the other 10 computers came up clean (well, they did not have Cryptowall, but they did have other less fatal bugs). But neither Eset nor Malwarebytes would run to conclusion on the "Trojan Prime" computer, so I worked on it over night. I managed to get it to run to conclusion (and hence how I found it was a phony shipping company email) by limiting what it scanned for successive scans until I was able to run a complete scan.

The Trojan was gone. But what to do about the data? Fortunately I had set up a backup program. A simple affair that backed up the data to a jump drive, full on Friday and then incremental the rest of the week. Each Friday, someone was supposed to take the drive off site (home with them) and put the second drive in. I do not know if that had been happening, but at least the backup was still running! So I was able to restore the data on the server to the night before the infection.

But what about "Trojan Prime"? I could see no way around it. Her files looked like toast. But I downloaded and ran Recuva, hoping to find some deleted files that had escaped encryption and restore them. What I found surprised me (ok, so I am not keeping up with what Microsoft is doing). Microsoft had ported Shadow Copy to Windows Vista (and beyond)! I was familiar with it as I have worked with Windows 2003, but how to get to the shadow copies without doing a complete restore?

Bing (or Google - YMMV) is your friend. Yep, I asked Bing and it told me about "Shadow Explorer". Freeware. So I downloaded it and gave it a shot.

And it recovered EVERYTHING (of course you do have to have System Restore turned on). Nice little utility that I have added to my Batcomputer Utility belt! It saved that Church's files, and is great! I know many do not like System Restore (I have yet to have good experience with it doing anything for the "system"), but with Windows Vista and beyond, it has a nice side job that can be a real life saver. With Shadow Explorer!
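The recovery described in the post above, done from the command line instead of the Shadow Explorer GUI, as an added example that is not part of the original post or of Shadow Explorer: it lists the Volume Shadow Copies that System Protection has taken on a Windows Vista or later machine, exposes the chosen snapshot as a read-only directory, and copies the wanted folder out to a clean location. The mount point, the user folder inside the snapshot and the destination path are assumptions; change them to suit the machine.

```powershell
# Added example, not code from the original post. Lists the Volume Shadow Copies
# on a Windows Vista+ machine and exposes one as a read-only directory so files
# can be copied out with ordinary tools. Run from an elevated PowerShell prompt.
# $MountPoint, $Source and $Destination are assumed paths; change them to suit.

function Get-ShadowCopyList {
    # Win32_ShadowCopy instances exist only if System Protection has taken
    # snapshots, so an empty result means there is nothing to recover this way.
    Get-CimInstance -ClassName Win32_ShadowCopy |
        Sort-Object InstallDate |
        Select-Object ID, InstallDate, VolumeName, DeviceObject
}

function Mount-ShadowCopy {
    param(
        [Parameter(Mandatory)] [string] $DeviceObject,   # e.g. \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy3
        [Parameter(Mandatory)] [string] $MountPoint      # directory symlink to create; must not exist yet
    )
    # mklink needs the trailing backslash on the device path. Snapshots are
    # read-only, so nothing done through the link can alter the shadow copy.
    cmd.exe /c mklink /d "$MountPoint" "$DeviceObject\" | Out-Null
    if (-not (Test-Path -LiteralPath $MountPoint)) {
        throw "Could not expose $DeviceObject at $MountPoint"
    }
}

function Dismount-ShadowCopy {
    param([Parameter(Mandatory)] [string] $MountPoint)
    # rmdir on a directory symlink removes only the link, never the snapshot contents.
    cmd.exe /c rmdir "$MountPoint" | Out-Null
}

# --- usage (assumed values) ---
$copies = @(Get-ShadowCopyList)
$copies | Format-Table -AutoSize

if ($copies.Count -eq 0) {
    Write-Warning 'No shadow copies found: System Protection was off or no snapshots exist.'
    return
}

# Pick the snapshot to restore from; here simply the newest one listed.
# Check InstallDate against the time of infection before trusting it.
$snapshot    = $copies | Select-Object -Last 1
$MountPoint  = 'C:\ShadowRecovery'                          # assumed
$Source      = Join-Path $MountPoint 'Users\Alice\Documents' # assumed path inside the snapshot
$Destination = 'D:\Recovered\Documents'                     # assumed clean destination, ideally another disk

Mount-ShadowCopy -DeviceObject $snapshot.DeviceObject -MountPoint $MountPoint
try {
    New-Item -ItemType Directory -Force -Path $Destination | Out-Null
    Copy-Item -LiteralPath $Source -Destination $Destination -Recurse -Force
    Write-Host "Copied $Source (snapshot of $($snapshot.InstallDate)) to $Destination"
}
finally {
    Dismount-ShadowCopy -MountPoint $MountPoint
}
```

The snapshot date printed by the first step is the thing to check before copying anything: the post's recovery only worked because System Restore was on and a snapshot from before the infection still existed, and on a machine where that is not the case the list will simply be empty.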

I've had a few 'shipping notices' lately... but been binning them and adding each sender to blocked/spam list...

I had a couple also... and responded the same way. Anything like that is binned immediately, especially if I'm not expecting it or do not recognise the sender. Even when I am expecting a delivery from an online purchase, I go directly to the shipping company's website and I'll type in my ticket number manually to avoid such issues. Fortunately, the companies I do business with use either Australia Post or Couriers Please [which I have bookmarked for my convenience] so I'm not hunting all over the net for shipping advice, etc.

Did you hear the one about the cheap phone from China, preinstalled with spyware? Read about it the other day.

Same here.... read it on Yahoo7, the cheeky bastards.

I've seen quite a few cheap phones from China but I've never been tempted to go for one, not even as a cheap second/backup phone. When it comes to things like that, I prefer to stick with brand names and tech I know, and to date I haven't recognised one single brand name of those Chinese phones I've seen advertised.